Change: Switch to using SHA256 signature algorithm to sign the Dangerzone executables and installer.

2025-04-28 09:52:37 +02:00 · 2024-09-26 16:15:03 +03:00 · 2024-09-26 16:15:03 +03:00 · b79113c1c5
commit b79113c1c5
parent 941131f7a9
1 changed files with 7 additions and 5 deletions
--- a/install/windows/build-app.bat
+++ b/install/windows/build-app.bat
@ -2,12 +2,14 @@ REM delete old dist and build files
 rmdir /s /q dist
 rmdir /s /q build

-REM build the exe
+REM build the gui and cli exe
 python .\setup-windows.py build

 REM code sign dangerzone.exe
-signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha1 /t http://time.certum.pl/ build\exe.win-amd64-3.12\dangerzone.exe
-signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha1 /t http://time.certum.pl/ build\exe.win-amd64-3.12\dangerzone-cli.exe
+signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha256 /t http://time.certum.pl/ build\exe.win-amd64-3.12\dangerzone.exe
+
+REM code sign dangerzone-cli.exe
+signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha256 /t http://time.certum.pl/ build\exe.win-amd64-3.12\dangerzone-cli.exe

 REM build the wix file
 python install\windows\build-wxs.py > build\Dangerzone.wxs
@ -17,9 +19,9 @@ cd build
 candle.exe Dangerzone.wxs
 light.exe -ext WixUIExtension Dangerzone.wixobj

-REM code sign dangerzone.msi
+REM code sign Dangerzone.msi
 insignia.exe -im Dangerzone.msi
-signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha1 /t http://time.certum.pl/ Dangerzone.msi
+signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha256 /t http://time.certum.pl/ Dangerzone.msi

 REM moving Dangerzone.msi to dist
 cd ..